[Dshield] Port 135
Jon R. Kibler
Jon.Kibler at aset.com
Wed Oct 16 14:38:41 GMT 2002
You know, a public domain version of this tool, used to send text-only messages, could be quite useful!
Q: What is the biggest problem we have dealing with infected systems?
A: Contacting the actual admin of the system.
Thus, my idea:
Almost any system insecure enough to be infected by Nimda, SQLSnake, etc. is probably insecure enough to have Port 135 open. Therefore, we could take a public domain version of the spam tool described in this article, integrate it into our IDSes, and when we get hit by an infected system, blast back to the system console a Pop-Up Message along the lines of "Hey dummy, your system is infected by [insert parasite name]. How about doing a better job of securing your systems?". At least would would then know that someone knows about the infected system!
Just a thought... a little perverse thought maybe, but a thought just the same.
Charleston, SC USA
> Getting suspicious hits on port 135? This may explain it. A new breed
> of spam slam.
More information about the list